How to pass 70-411 exam easily? Are you struggling for the 70-411 exam? Good news, Lead2pass Microsoft technical experts have collected all the questions and answers which are updated to cover the knowledge points and enhance candidates’ abilities. We offer the latest 70-411 PDF and VCE dumps with new version VCE player for free download, and the new 70-411 dump ensures your 70-411 exam 100% pass.

QUESTION 341Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 has the Web Server (IIS) server role installed.On Server1, you install a managed service account named Service1. You attempt to configure the World Wide Web Publishing Service as shown in the exhibit.

You receive the following error message:

“The account name is invalid or does not exist, or the password is invalid for the account name specified.”

You need to ensure that the World Wide Web Publishing Service can log on by using the managed service account.What should you do?

A. Specify contoso\service1$ as the account name.B. Specify service1@contoso.com as the account name.C. Reset the password for the account.D. Enter and confirm the password for the account.

Answer: AExplanation:A managed service account is designed for service applications such as Internet Information Services, SQL Server, or Exchange to provide the following.:

– Automatic password management, so that these services can be separated from other services on the computer better.– Simplified SPN management Service Principal Name (SPN) that allowsservice administrators to set SPNs on these accounts. In addition, SPNmanagement can be delegated to other administrators.

Managed service accounts are created using PowerShell cmdlets and managed. The accounts are identified by a dollar sign at the end of the login name. After the logon name is correct, the settings are applied and the account will have the right to log on as a service given.

QUESTION 342Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The domain contains three servers that run Windows Server 2012.The servers are configured as shown in the following table.

Server1 and Server2 are configured in a Network Load Balancing (NLB) cluster. The NLB cluster hosts a website named Web1 that uses an application pool named App1.Web1 uses a database named DB1 as its data store.You create an account named User1.You configure User1, as the identity of App1.You need to ensure that contoso.com domain users accessing Web1 connect to DB1 by using their own credentials.Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Configure the delegation settings of Server3.B. Create a Service Principal Name (SPN) for User1.C. Configure the delegation settings of User1.D. Create a matching Service Principal Name (SPN) for Server1 and Server2.E. Configure the delegation settings of Server1 and Server2.

Answer: BEExplanation:To enable impersonation to connect to the database server, the delegation settings for constrained delegation must (computer only trust for delegation to specified services) can be configured. Subsequently, the service principal name can be specified for the identity of the application pool as a delegate service.

The role of the service principal name to authenticate on SQL Server, if an application opens a connection and uses Windows authentication, passes the SQL Server Native Client to SQL Server computer name, -Instanznamen and optionally an SPN. If the connection passes an SPN, it is used without modification.

When the connection is no SPN, a default service principal name is created based on protocol, server name and instance name used. In both scenarios, the Service Principal Name is sent to the Key Distribution Center to a security token for retrieve authenticate the connection. If no security token can be retrieved using NTLM authentication.

A Service Principal Name (SPN, Service Principal Name) is the name that uniquely identifies a client about an instance of a service. The Kerberos authentication service can an SPN to authenticate a service use. When a client wants to connect to a service, it locates an instance of the service, posted an SPN for that instance, connects to the service and transfers the SPN to authenticate to the service.

The preferred method for authenticating users at SQL Server is Windows authentication. Clients that use Windows authentication to authenticate with NTLM or Kerberos. In an Active Directory environment, Kerberos authentication is always performed first. The Kerberos authentication for SQL Server 2005 clients that are using named pipes, not available.

QUESTION 343Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC4 that runs Windows Server 2012.You create a DCCloneConfig.xml file. You need to clone DC4.Where should you place DCCloneConfig.xml on DC4?

QUESTION 344Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. On DC1, you add a new volume and you stop the Active Directory Domain Services (AD DS) service.You run ntdsutil.exe and you set NTDS as the active instance. You need to move the Active Directory database to the new volume.Which Ntdsutil context should you use?

A. Configurable SettingsB. Partition managementC. IFMD. Files

Answer: DExplanation:The Ntdsutil utility is used for using the Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). It allows numerous tasks of maintenance. In order to Volume E both the database file and the associated log files in the directory NTDs: to move, you can successively make the following entries:

QUESTION 345Your network contains an Active Directory domain named adatum.com. The domain contains a domain controller named DC1. On DC1, you create a new volume named E.You restart DC1 in Directory Service Restore Mode.You open ntdsutil.exe and you set NTDS as the active instance. You need to move the Active Directory logs to E:\NTDS\. Which Ntdsutil context should you use?

QUESTION 346The contoso.com domain contains 2 domain controllers running Server 2012, AD recycle bin is enabled for the domain.DC1 is configured to take AD snapshots daily, DC2 is set to take snapshots weekly. Someone deletes a group containing 100 users, you need to recover this group.What should you do?

Answer: CExplanation:Active Directory Recycle Bin, starting in Windows Server 2008 R2, builds on the existing tombstone reanimation infrastructure and enhances your ability to preserve and recover accidentally deleted Active Directory objects.When you enable Active Directory Recycle Bin, all link-valued and non-link-valued attributes of the deleted Active Directory objects are preserved and the objects are restored in their entirety to the same consistent logical state that they were in immediately before deletion. For example, restored user accounts automatically regain all group memberships and corresponding access rights that they had immediately before deletion, within and across domains.https://technet.microsoft.com/en-us/library/hh831702.aspx

QUESTION 347You have a RODC named Server1 running Server 2012.You need to add a RODC Administrator.How do you complete the task?

A. dsmgmt.exeB. ntdsutilC. Add user to Local Administrator Group on Server1D. Use Security Group and modify RODC Delegated Administrator

Answer: DExplanation:A read-only domain controller (RODC) offers the possibility of dividing the Administrator role. This means that each domain user or security group can be used as a local administrator of an RODC without the user or group must be granted rights to the domain or other domain controllers.

A delegated administrator can log on to an RODC to maintenance work on the Server execute to update z. B. to a driver. The delegated administrator is not, however, be able to log on to another domain controller, or perform other administrative tasks in the domain. In this way, the effective management of RODCs a branch office to a security group from branch office users, instead of individual members of the Domain Admins group are delegated, without jeopardizing the safety of the rest of the domain. Before you install a read-only domain controller can in the wizard for making a account for a read-only domain controller, a user or a group Wreden defined as delegated RODC Administartor.

To grant a user or a group after you install a read-only domain controller local administrator rights for a read-only domain controller (RODC), the settings on the tab can Maintained by be configured in the properties of the computer account of RODC1. can open the Utilities dsmgmt and Ntdsutil for adding a delegated RODC administrator be used.

Microsoft recommends expressly that utilities dsmgmt and Ntdsutil not to be used for this purpose and instead specify a group which the Administrator Role Separation can be controlled.

The background is that the user, the password have been set with the help of dsmgmt or Ntdsutil as delegated RODC administrator can not be easily determined in retrospect.

QUESTION 348A computer does not support PXE, what kind of image do you need to create?

A. bootB. installC. discoveryD. capture

Answer: C

QUESTION 349Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012.The domain contains two organizational units (OUs) named OU1 and OU2 in the root of the domain. Two Group Policy objects (GPOs) named GPO1 and GPO2 are created. GPO1 is linked to OU1. GPO2 is linked to OU2. OU1 contains a client computer named Computer1.OU2 contains a user named User1.You need to ensure that the GPOs applied to Computer1 are applied to User1 when User1 logs on.What should you configure?

Answer: BExplanation:Due to the policy setting loopback User Group Policy in the path Computer Configuration \ Administrative Templates \ System \ Group Policy the set of GPOs applied to the computer for each user who logs on to a computer, this setting applies. This setting is intended for computers with a special purpose, eg. As for computers in public, in laboratories or classrooms where the user settings must be changed depending on your computer. By default is set by the GPOs the user, which user settings are applied. If you enable this policy setting, but the GPOs the computer determine when the user logs, which rate is applied GPOs. If you enable this policy setting, you can select one of the following modes from the “Mode” field:“Replace” indicates that the conditions laid down in the Group Policy objects for the computer user settings replace the user settings normally applied to the user.

“Merge” indicates that the conditions laid down in the Group Policy objects for the computer user settings and the user settings normally applied are combined. If the settings conflict, putting the user settings in Group Policy on the computer of the user override the normal settings.

If you disable this setting or do not configure determine the user’s GPOs, which user settings are applied.

QUESTION 351Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2012. One of the domain controllers is named DC1. The DNS zone for the contoso.com zone is Active Directory-integrated and has the default settings. A server named Server1 is a DNS server that runs a UNIX-based operating system. You plan to use Server1 as a secondary DNS server for the contoso.com zone. You need to ensure that Server1 can host a secondary copy of the contoso.com zone.What should you do?

A. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the contoso.com zone as a target.B. From Windows PowerShell, run the Set-DnsServerSetting cmdlet and specify DC1 as a target.C. From Windows PowerShell, run the Set-DnsServerPrimaryZone cmdlet and specify the contoso.com zone as a target.D. From DNS Manager, modify the Advanced settings of DC1.

QUESTION 352You are the administrator of an Active Directory Domain Services (AD DS) domain named contoso.com. The domain has a Microsoft Windows Server 2012 R2 server named Contoso-SR05 that hosts the File and Storage Services server role.Contoso-SR05 hosts a shared folder named userData.You want to receive an email alert when a multimedia file is saved to the userData folder.Which tool should you use?

A. You should use File Management Tasks in File Server Resource Manager.B. You should use File Screen Management in File Server Resource Manager.C. You should use Quota Management in File Server Resource Manager.D. You should use File Management Tasks in File Server Resource Manager.E. You should use Storage Reports in File Server Resource Manager.

Answer: B

QUESTION 353You have two servers, Server 1 and server 2.You create a custom data collector set DCS1 on Server 1.You need to export DCS1 from Server 1 to Server2.What should you do?

A. Right click on DCS1 and click on Export listB. Right click on DCS1 and click on Save templateC. Right click on DCS1 and click on Data ManagerD. Right click on DCS1 and click on Export manager

Answer: BExplanation:The function Save Template … lets you export the definition of a data collector set in an XML file. Subsequently, the Data Collector Set can be imported on Server2.

QUESTION 354You administrate an Active Directory domain named EnsurePass.com. The domain has a Microsoft Windows Server 2012 R2 server named EP-SR01 that hosts the File Server Resource Manager role service.You are configuring quota threshold and want to receive an email alert when 80% of the quota has been reached.Where would you enable the email alert?

A. You should consider creating a Data Collector Set (DCS).B. You should use Windows Resource Monitor.C. You should use the File Server Resource Manager.D. You should use Disk Quota Tools.E. You should use Performance Logs and Alerts.

Answer: CExplanation:To make use of email alerts, you need to configure the SMTP Server address details in the File Server Resource Manager options.

QUESTION 355Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify which domain controllers are authorized to be cloned using virtual domain controller cloning.Which cmdlet should you use?

QUESTION 356Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012.All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify which security principals are authorized to have their password cached on RODC1? Which cmdlet should you use?

QUESTION 357Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012.All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. Determine what domain controller needs to be online to promote a RODC.Which cmdlet should you use?

QUESTION 358Note: This Question is part of series of question that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012.All servers run Windows Server 2012 R2. All client computer run Windows 8.1. The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. What accounts are allowed to replicate their password with the RODC? Which cmdlet should you use?

QUESTION 359Note: This Question is part of series of question that use the same or similar answer choices.An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in the series. Information and detailed provided in a question apply only to that question. You network contains one Active Directory domain named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2012 R2. All client computer run Windows 8.1.The domain contains 10 domain controllers and a read-only domain controller (RODC) named RODC01. All domain controllers and RODCs are hosted on a Hyper-V host that runs Windows Server 2012 R2. You need to identify whose passwords can be stored, view stored passwords.Which cmdlet should you use?

QUESTION 360You have a DNS server that runs Windows Server 2012 R2. The server hosts the zone for contoso.com and is accessible from the internet.You need to create a DNS record for the Sender Policy Framework (SPF) to list that are authorized ti send email for contoso.comWhich type of record should you create?